By Kim Dong-uk
The cryptocurrency fever that has shaken the world since the end of last year has been arousing people’s interest in blockchain technology and letting them know what it is. Recently, many platforms utilizing the technology have emerged, meaning that it is gradually becoming a part of our everyday life, not simply a measure of investment or speculation.
However, many blockchain-based platforms process user data, such as information on a person’s physical attributes, health or property, leading to privacy concerns. The current Personal Information Protection Act in Korea classifies such data as “personal information” and regulates its use and transfer by other parties.
In addition, even though the information stored on the blockchain may be de-identified or encrypted, it is still treated as personal information under the act, because it defines any information which, in combination with other information, can identify an individual as “personal information.” For these reasons, any entity that operates a blockchain-based platform should get consent from its users before processing their personal information. The purpose of this is to reassure users about the risk of leakage or misuse of their information, and to reduce legal risk.
Nevertheless, simply getting consent cannot solve all the problems related to personal information on the blockchain. Under the act, a data subject has the right to request correction or destruction of his or her information, whereas the data recorded on a blockchain can never technically be edited nor deleted. This can lead to an unintended violation of the law, because platform operators cannot correct or destroy the information at users’ request.
The issue has been debated globally, but the blockchain industry claims that it is not an insurmountable problem. Unlike public blockchains such as Bitcoin, private blockchains that are utilized for specific platforms have centralized operating entities. The industry insists that the issue can be resolved by recording on the blockchain only a one-way hash key that can access data stored in a database that is directly controlled or managed by the operating entity, and not by recording data on the blockchain itself.
However, this proposed solution can cause the inherent problems of a centralized information management system, such as hacking or information manipulation. If the issues can be solved technologically, that would be best. If there is no perfect solution, however, it will be necessary to find social consensus on the extent of a limited centralized form of management that does not impair the essence of blockchain technology, and that can legally supplement the limitation of the obligation on platform operators to correct or destroy users’ personal information when requested.
Tech & Comms team
The thoughts and opinions expressed in this column are those of its author and do not necessarily reflect those of HMP Law.